
Cisco PIX

Status
Not open for further replies.

pchan

Technical User
Jul 29, 2000
53
US
Question.

I have an external subnet of 219.177.61.33 - .62, mask 255.255.255.224. The Cisco is configured to NAT an internal subnet of 192.168.1.X.

The problem is that the internal subnet cannot see the external subnet addresses of 219.177.61.33 - .62. Is there a parameter that I am missing to allow this?

Thanks in advance.
Perry
 
What do you mean can't see?

Do you mean you can't access anything on those IP addresses?

If so, you're probably talking about connections that go to public IPs which revert back to internal IPs on the PIX. This is not permitted. This basically causes the connection to bounce off the outside interface, and the PIX cannot route.

BuckWeet
 
Due to security reasons, I cannot post this config.

But maybe if I clarify the question more.

Outside Interface - 219.177.61.33 - 219.177.61.62
Inside Interface - 192.168.1.1 - 192.168.1.254

Workstation on inside interface cannot ping any outside interfaces nor get to them. I have several websites that are hosted on the 219.177.61.x subnet and the internal workstations cannot browse.

I have worked around this by changing the DNS to resolve the website names to the internal interface.

I know other firewalls are able to accomplish this but have found no way to do this with the PIX.

Thanks!!
Perry
 
If you try and get to the server without using the FQDN, does this work?

The inside network should have no problem getting to the outside if you're NATing correctly.

Can you get to anything on the outside (
I understand your security concerns regarding the configuration. But, if you could, just delete the passwords and change the REAL IPs for bogus ones. Also, just post the stuff we need to see (i.e. no need for the VPN config portion). PIX configs are routinely posted on this forum (with the suggestions I mentioned above).
 
Your problem is that you're trying to access an IP that the outside interface is answering for, which basically is causing it to route, in a sense, which the PIX does not support.

You might try using the ALIAS command
 